-Sum of Even Numbers (plus previous calculation): 51 + 2 + 6 + 0 + 2 + 2 = 63
-The next number divisible by 10 is 70; it would take "7" added to 63 to get there
-CheckSum is 7
Slide Notes
What if We Lost a Digit?:
0226009?6207 - We don't know the 8th digit
However, we still do have the checksum
We will treat this like any hash based brute force
(Guess all possible values and see if hashes match)
Slide Notes
Digit Guessing Attack
Guess            Checksum
022600906207     9
022600916207     8
022600926207     7
022600936207     6
022600946207     5
022600956207     4
022600966207     3
022600976207     2
022600986207     1
022600996207     0
Slide Notes
But Wait, There's More!:
The checksum isn't the only thing that leaks data
In General:
Barcode Format: T LLLLL RRRRR C
T - Type of Product
L - Left Digits
R - Right Digits
C - CheckSum
Slide Notes
Product Types
Pharma = 3
Normal Products 0, 1, 6, 7, & 8, where LLLLL is Manufacturer and RRRRR is specific Product
Coupons are 5 and 9
Local to store is 2 and 4
4 - Normal store knock-off brands, loyalty cards, and some coupons
2 - items sold by variable weight
Variable-weight items, such as meats and fresh fruits and vegetables, are assigned a UPC by the store,
if they are packaged there. In this case, the LLLLL is the item number,
and the RRRRR is either the weight or the price, with the first R determining which.
Slide Notes
Simple Example Breakdown:
-Our original barcode example was: 022600926207
-So 0 means it's a normal product
-22600 means that the manufacturer is "Trojan"
-92620 means that the product is "Ultra Thin Lubricated"
Slide Notes
More Complex Example:
Store Brand Banana
2 12345 2 1234 9
-2: This is a store brand produce item
-12345: This is the type of product (we will call it a banana)
-2: We will assume this means weight
-1234: This is the weight of our banana
-9: Checksum
Slide Notes
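The T LLLLL RRRRR C layout, the product-type table, and the two breakdowns above (the Trojan product and the store-brand banana), as an added Python example that is not part of the original slides: it splits a code into its fields, verifies the check digit, and applies the slides' own reading of the fields. The category names and the "flag digit 2 means weight" interpretation are taken from the slides' examples, not from any official specification.

```python
# Added example (not from the original slides): split a UPC-A code into the
# T LLLLL RRRRR C fields described in the slides and classify it.

def upc_check_digit(first11: str) -> int:
    """UPC-A check digit: 3 * (odd positions) + (even positions), to next multiple of 10."""
    odd_sum = sum(int(d) for d in first11[0::2])
    even_sum = sum(int(d) for d in first11[1::2])
    return (10 - (3 * odd_sum + even_sum) % 10) % 10

# Type digit -> category, as listed on the "Product Types" slide.
TYPE_CATEGORY = {
    "0": "normal product", "1": "normal product", "6": "normal product",
    "7": "normal product", "8": "normal product",
    "3": "pharma",
    "5": "coupon", "9": "coupon",
    "2": "store item, variable weight",
    "4": "store item (knock-off brands, loyalty cards, some coupons)",
}

def parse_upc(upc12: str) -> dict:
    """Break a 12-digit UPC-A into type, left, right and check fields."""
    if len(upc12) != 12 or not upc12.isdigit():
        raise ValueError("expected 12 digits")
    t, left, right, check = upc12[0], upc12[1:6], upc12[6:11], upc12[11]
    info = {
        "type": t,
        "category": TYPE_CATEGORY[t],
        "left": left,
        "right": right,
        "check": int(check),
        "checksum_valid": upc_check_digit(upc12[:11]) == int(check),
    }
    if t in "01678":
        # Normal products: LLLLL is the manufacturer, RRRRR the product.
        info["manufacturer"] = left
        info["product"] = right
    elif t == "2":
        # Store-assigned variable-weight item: LLLLL is the item number and
        # RRRRR is a flag digit followed by a 4-digit weight or price.
        info["item"] = left
        info["flag"] = right[0]
        info["value"] = right[1:]
        # Assumption carried over from the slides' banana example: flag 2 = weight.
        info["measure"] = ("weight" if right[0] == "2"
                           else "price or weight (flag not interpreted)")
    return info

if __name__ == "__main__":
    for code in ("022600926207", "212345212349"):   # the slides' two examples
        print(parse_upc(code))
```

The parser only reports what the code itself states; mapping 22600 to a manufacturer name or 12345 to "banana" needs an external lookup, which is exactly the point of the slides: the structure narrows the guess space before any brute force starts.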
Things that leak data:
-the first digit, we know, has to be 2 or 4, and is more likely 4
-digits 2-5 may be similar to items around it
-if 6th digit defines weight, you can guess digits 7-11 more reliably if you have the weight of the product
-and the 12th digit can give you any 1 digit that you do not know
Slide Notes
UPC to TCP/IP metaphor (Trojan):
IP has a 2 byte checksum, so does TCP
Both IP and TCP refer to Source and Destination IP addresses for their calculations
If you have only IP checksum, you can guess any 2 arbitrary bytes
If you have both checksums, you can guess any 4 arbitrary bytes of IP (unless it's the IP addresses), and another 2 bytes of TCP
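The IP half of the metaphor above, as an added Python example (not code from the original slides): the IPv4 header checksum is the ones'-complement sum of 16-bit words (RFC 1071), so one unknown two-byte word can be recovered from a header whose checksum is known, by the same exhaustive guessing used for the missing UPC digit. The header is a constructed sample, and the function names are my own; the TCP pseudo-header checksum is not covered here.

```python
# Added example (not from the original slides): the IPv4 header checksum
# (RFC 1071 ones'-complement sum) and recovery of one unknown 16-bit word
# from it, the packet-level analogue of the UPC digit-guessing attack.
import struct

def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit big-endian words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: bytes, dst: bytes, ttl: int = 64, proto: int = 6) -> bytes:
    """Constructed 20-byte IPv4 header with a correct checksum at bytes 10-11."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s",
                                0x45, 0, 60, 0x1C46, 0x4000, ttl, proto, 0, src, dst))
    struct.pack_into("!H", hdr, 10, internet_checksum(bytes(hdr)))
    return bytes(hdr)

def ipv4_header_ok(hdr: bytes) -> bool:
    """A header with a correct checksum sums to zero when the field is included."""
    return internet_checksum(hdr) == 0

def recover_unknown_word(hdr: bytes, offset: int) -> list:
    """Brute-force the 16-bit word at `offset` (even, not the checksum field)
    the way the slides brute-force a missing UPC digit: try all 65536 values
    and keep those that make the header checksum verify."""
    if offset % 2 or offset == 10:
        raise ValueError("offset must be even and not the checksum field")
    buf = bytearray(hdr)
    hits = []
    for w in range(0x10000):
        struct.pack_into("!H", buf, offset, w)
        if ipv4_header_ok(bytes(buf)):
            hits.append(w)
    return hits

# Constructed sample: 10.0.0.1 -> 10.0.0.2, TTL 64, protocol 6 (TCP).
SAMPLE_HEADER = build_ipv4_header(bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))

if __name__ == "__main__":
    print("checksum ok:", ipv4_header_ok(SAMPLE_HEADER))
    # Pretend the TTL/protocol word (bytes 8-9) was lost and recover it.
    print("recovered:", [hex(w) for w in recover_unknown_word(SAMPLE_HEADER, 8)])
```

One caveat a practitioner should know: in ones'-complement arithmetic 0x0000 and 0xFFFF are both "zero", so if the lost word happened to be either of those the search returns both; every other value is recovered uniquely, which is the two-bytes-per-checksum claim on the slide.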
Slide Notes
The TCP/IP banana:
What else can we use to narrow bad guesses down: